# Pitfall Log

Project: anthropics/claude-code

Summary: Found 39 structured pitfall item(s), including 16 high/blocking item(s). Top priority: Installation risk - Installation risk requires verification.

## 1. Installation risk - Installation risk requires verification

- Severity: high
- Evidence strength: source_linked
- Finding: Project evidence flags a installation risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Suggested check: Reproduce the official install and quickstart path in an isolated environment.
- Evidence: community_evidence:github | cevd_6fd2423d8dd840ad898450c124291027 | https://github.com/anthropics/claude-code/issues/63335

## 2. Installation risk - Installation risk requires verification

- Severity: high
- Evidence strength: source_linked
- Finding: Project evidence flags a installation risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Suggested check: Reproduce the official install and quickstart path in an isolated environment.
- Evidence: community_evidence:github | cevd_abbd745212d743c6b17ef3e919d49b0d | https://github.com/anthropics/claude-code/issues/64109

## 3. Configuration risk - Configuration risk requires verification

- Severity: high
- Evidence strength: source_linked
- Finding: Project evidence flags a configuration risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Suggested check: Reproduce the official install and quickstart path in an isolated environment.
- Evidence: community_evidence:github | cevd_cd5af4117b394f29bd45302db852a9e9 | https://github.com/anthropics/claude-code/issues/61298

## 4. Configuration risk - Configuration risk requires verification

- Severity: high
- Evidence strength: source_linked
- Finding: Project evidence flags a configuration risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Suggested check: Reproduce the official install and quickstart path in an isolated environment.
- Evidence: community_evidence:github | cevd_e75af4578a6c41e8820a88e1e8b8d617 | https://github.com/anthropics/claude-code/issues/64111

## 5. Configuration risk - Configuration risk requires verification

- Severity: high
- Evidence strength: source_linked
- Finding: Project evidence flags a configuration risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Suggested check: Reproduce the official install and quickstart path in an isolated environment.
- Evidence: community_evidence:github | cevd_262f6cbca571401884333f86087e0ddd | https://github.com/anthropics/claude-code/issues/64095

## 6. Configuration risk - Configuration risk requires verification

- Severity: high
- Evidence strength: source_linked
- Finding: Project evidence flags a configuration risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Suggested check: Reproduce the official install and quickstart path in an isolated environment.
- Evidence: community_evidence:github | cevd_9c64894658eb475f9ad68245eed8d2f5 | https://github.com/anthropics/claude-code/issues/64094

## 7. Capability evidence risk - Capability evidence risk requires verification

- Severity: high
- Evidence strength: source_linked
- Finding: Project evidence flags a capability evidence risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Suggested check: Reproduce the official install and quickstart path in an isolated environment.
- Evidence: community_evidence:github | cevd_e0c0e16324d045f38cb9237f7f4dfff6 | https://github.com/anthropics/claude-code/issues/64115

## 8. Runtime risk - Runtime risk requires verification

- Severity: high
- Evidence strength: source_linked
- Finding: Project evidence flags a runtime risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Suggested check: Reproduce the official install and quickstart path in an isolated environment.
- Evidence: community_evidence:github | cevd_a1a5923e7779438ca2f53dafbaf38d00 | https://github.com/anthropics/claude-code/issues/13354

## 9. Security or permission risk - Security or permission risk requires verification

- Severity: high
- Evidence strength: source_linked
- Finding: Developers should check this security_permissions risk before relying on the project: Remote Control (/remote-control) disconnects frequently
- User impact: Developers may expose sensitive permissions or credentials: Remote Control (/remote-control) disconnects frequently
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: Remote Control (/remote-control) disconnects frequently. Context: Observed when using windows, macos, linux
- Guardrail: Do not recommend enabling privileged or credential-bearing paths until the source-backed risk is reviewed: https://github.com/anthropics/claude-code/issues/33041
- Evidence: failure_mode_cluster:github_issue | fmev_9c4c7261c368bad5ca3425e0acae9cca | https://github.com/anthropics/claude-code/issues/33041

## 10. Security or permission risk - Security or permission risk requires verification

- Severity: high
- Evidence strength: source_linked
- Finding: Developers should check this security_permissions risk before relying on the project: [BUG] VS Code extension doesn't load Chrome browser tools in chat panel despite docs stating @browser should work (Linux)
- User impact: Developers may expose sensitive permissions or credentials: [BUG] VS Code extension doesn't load Chrome browser tools in chat panel despite docs stating @browser should work (Linux)
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: [BUG] VS Code extension doesn't load Chrome browser tools in chat panel despite docs stating @browser should work (Linux). Context: Observed when using node, linux
- Guardrail: Do not recommend enabling privileged or credential-bearing paths until the source-backed risk is reviewed: https://github.com/anthropics/claude-code/issues/50423
- Evidence: failure_mode_cluster:github_issue | fmev_8458acfcfab9d6641fe4696ba1202131 | https://github.com/anthropics/claude-code/issues/50423

## 11. Security or permission risk - Security or permission risk requires verification

- Severity: high
- Evidence strength: source_linked
- Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Suggested check: Reproduce the official install and quickstart path in an isolated environment.
- Evidence: community_evidence:github | cevd_1448fd32254e42c7a13bb07c4d4b376e | https://github.com/anthropics/claude-code/issues/63538

## 12. Security or permission risk - Security or permission risk requires verification

- Severity: high
- Evidence strength: source_linked
- Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Suggested check: Reproduce the official install and quickstart path in an isolated environment.
- Evidence: community_evidence:github | cevd_88549375cbdc40f5b59125e4fbda8e11 | https://github.com/anthropics/claude-code/issues/33041

## 13. Security or permission risk - Security or permission risk requires verification

- Severity: high
- Evidence strength: source_linked
- Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Suggested check: Reproduce the official install and quickstart path in an isolated environment.
- Evidence: community_evidence:github | cevd_87e11d1be1a941db9b9a16f57f0303ef | https://github.com/anthropics/claude-code/issues/64117

## 14. Security or permission risk - Security or permission risk requires verification

- Severity: high
- Evidence strength: source_linked
- Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Suggested check: Reproduce the official install and quickstart path in an isolated environment.
- Evidence: community_evidence:github | cevd_79e2cfaaa0d840d0ad2301e7fdee0458 | https://github.com/anthropics/claude-code/issues/64112

## 15. Security or permission risk - Security or permission risk requires verification

- Severity: high
- Evidence strength: source_linked
- Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Suggested check: Reproduce the official install and quickstart path in an isolated environment.
- Evidence: community_evidence:github | cevd_ff2e3e5c8d8544f49fb33923239ce9ae | https://github.com/anthropics/claude-code/issues/50423

## 16. Security or permission risk - Security or permission risk requires verification

- Severity: high
- Evidence strength: source_linked
- Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Suggested check: Reproduce the official install and quickstart path in an isolated environment.
- Evidence: community_evidence:github | cevd_72142433607342c683efa2dfd91727e1 | https://github.com/anthropics/claude-code/issues/63884

## 17. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: [BUG] Old sessions do not open, also cannot start new sessions
- User impact: Developers may fail before the first successful local run: [BUG] Old sessions do not open, also cannot start new sessions
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: [BUG] Old sessions do not open, also cannot start new sessions. Context: Observed when using windows
- Guardrail: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_issue | fmev_369baf02a3bc53ab601dee041b939afe | https://github.com/anthropics/claude-code/issues/64109

## 18. Configuration risk - Configuration risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a configuration risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Suggested check: Reproduce the official install and quickstart path in an isolated environment.
- Evidence: capability.host_targets | github_repo:937253475 | https://github.com/anthropics/claude-code

## 19. Configuration risk - Configuration risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: Feature Request: Cross-device session sync between desktop and mobile
- User impact: Developers may misconfigure credentials, environment, or host setup: Feature Request: Cross-device session sync between desktop and mobile
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: Feature Request: Cross-device session sync between desktop and mobile. Context: Source discussion did not expose a precise runtime context.
- Guardrail: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_issue | fmev_283825ec99bcea39a11f0a6e6c298804 | https://github.com/anthropics/claude-code/issues/61298

## 20. Configuration risk - Configuration risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: Harness silently executes duplicated parallel tool_use blocks: subagent fan-out runs N× the intended count (6 → 24)
- User impact: Developers may misconfigure credentials, environment, or host setup: Harness silently executes duplicated parallel tool_use blocks: subagent fan-out runs N× the intended count (6 → 24)
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: Harness silently executes duplicated parallel tool_use blocks: subagent fan-out runs N× the intended count (6 → 24). Context: Observed during installation or first-run setup.
- Guardrail: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_issue | fmev_a856115bae11a139a2c97e4617737eed | https://github.com/anthropics/claude-code/issues/64080

## 21. Configuration risk - Configuration risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: Session titles generated in English despite locale set to ko-KR
- User impact: Developers may misconfigure credentials, environment, or host setup: Session titles generated in English despite locale set to ko-KR
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: Session titles generated in English despite locale set to ko-KR. Context: Observed when using windows
- Guardrail: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_issue | fmev_0388434519fd0a36700613913cb137e0 | https://github.com/anthropics/claude-code/issues/64111

## 22. Configuration risk - Configuration risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: [FEATURE] Multi-account switching in Claude Mobile app without shared email
- User impact: Developers may misconfigure credentials, environment, or host setup: [FEATURE] Multi-account switching in Claude Mobile app without shared email
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: [FEATURE] Multi-account switching in Claude Mobile app without shared email. Context: Source discussion did not expose a precise runtime context.
- Guardrail: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_issue | fmev_13a40dd6b5f966f8cf8d81e22aa64f3e | https://github.com/anthropics/claude-code/issues/36151

## 23. Configuration risk - Configuration risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a configuration risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Suggested check: Reproduce the official install and quickstart path in an isolated environment.
- Evidence: community_evidence:github | cevd_d98a409f57c74c26a5ba696527e6c1b0 | https://github.com/anthropics/claude-code/issues/64110

## 24. Capability evidence risk - Capability evidence risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: README/documentation is current enough for a first validation pass.
- User impact: May increase setup, validation, or first-run risk for the user.
- Suggested check: Reproduce the official install and quickstart path in an isolated environment.
- Evidence: capability.assumptions | github_repo:937253475 | https://github.com/anthropics/claude-code

## 25. Runtime risk - Runtime risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this runtime risk before relying on the project: [FEATURE] Continue when the session limit reached
- User impact: Developers may hit a documented source-backed failure mode: [FEATURE] Continue when the session limit reached
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: [FEATURE] Continue when the session limit reached. Context: Source discussion did not expose a precise runtime context.
- Guardrail: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_issue | fmev_0940bbcf61d4a9404571f32848072c7d | https://github.com/anthropics/claude-code/issues/13354

## 26. Maintenance risk - Maintenance risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a maintenance risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Suggested check: Reproduce the official install and quickstart path in an isolated environment.
- Evidence: evidence.maintainer_signals | github_repo:937253475 | https://github.com/anthropics/claude-code

## 27. Security or permission risk - Security or permission risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: no_demo
- User impact: May increase setup, validation, or first-run risk for the user.
- Suggested check: Reproduce the official install and quickstart path in an isolated environment.
- Evidence: downstream_validation.risk_items | github_repo:937253475 | https://github.com/anthropics/claude-code

## 28. Security or permission risk - Security or permission risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: no_demo
- User impact: May increase setup, validation, or first-run risk for the user.
- Suggested check: Reproduce the official install and quickstart path in an isolated environment.
- Evidence: risks.scoring_risks | github_repo:937253475 | https://github.com/anthropics/claude-code

## 29. Security or permission risk - Security or permission risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Suggested check: Reproduce the official install and quickstart path in an isolated environment.
- Evidence: community_evidence:github | cevd_2cc9f1b9f9da461b8ec530dcb1cdf6fa | https://github.com/anthropics/claude-code/issues/64106

## 30. Capability evidence risk - Capability evidence risk requires verification

- Severity: low
- Evidence strength: source_linked
- Finding: Developers should check this capability risk before relying on the project: Tool calls intermittently emitted as literal text (stray 'court' + raw <invoke>) instead of executing — mostly Edit/Read (Opus, CLI)
- User impact: Developers may hit a documented source-backed failure mode: Tool calls intermittently emitted as literal text (stray 'court' + raw <invoke>) instead of executing — mostly Edit/Read (Opus, CLI)
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: Tool calls intermittently emitted as literal text (stray 'court' + raw <invoke>) instead of executing — mostly Edit/Read (Opus, CLI). Context: Observed when using macos
- Guardrail: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_issue | fmev_2933d9f47cbf4f5f4fb221bac31ceb7d | https://github.com/anthropics/claude-code/issues/64108

## 31. Capability evidence risk - Capability evidence risk requires verification

- Severity: low
- Evidence strength: source_linked
- Finding: Developers should check this capability risk before relying on the project: Tool-result envelope injected into tool-call input channel during parallel tool batches (corruption + cascade cancellation)
- User impact: Developers may hit a documented source-backed failure mode: Tool-result envelope injected into tool-call input channel during parallel tool batches (corruption + cascade cancellation)
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: Tool-result envelope injected into tool-call input channel during parallel tool batches (corruption + cascade cancellation). Context: Observed when using macos
- Guardrail: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_issue | fmev_c36dedf952efb0b87258d9add70eb890 | https://github.com/anthropics/claude-code/issues/64095

## 32. Capability evidence risk - Capability evidence risk requires verification

- Severity: low
- Evidence strength: source_linked
- Finding: Developers should check this capability risk before relying on the project: [BUG] API Error: Server is temporarily limiting requests (not your usage limit) · Rate limited
- User impact: Developers may hit a documented source-backed failure mode: [BUG] API Error: Server is temporarily limiting requests (not your usage limit) · Rate limited
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: [BUG] API Error: Server is temporarily limiting requests (not your usage limit) · Rate limited. Context: Observed when using windows
- Guardrail: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_issue | fmev_f149428db4eaf50a33b3d1a869e10e0a | https://github.com/anthropics/claude-code/issues/53915

## 33. Capability evidence risk - Capability evidence risk requires verification

- Severity: low
- Evidence strength: source_linked
- Finding: Developers should check this capability risk before relying on the project: [BUG] Repeated malformed tool-call markup (stray count before <invoke>) within one session — commands silently dropped
- User impact: Developers may hit a documented source-backed failure mode: [BUG] Repeated malformed tool-call markup (stray count before <invoke>) within one session — commands silently dropped
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: [BUG] Repeated malformed tool-call markup (stray count before <invoke>) within one session — commands silently dropped. Context: Observed when using macos
- Guardrail: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_issue | fmev_90aaa75e00b64d60d6925606deeeac09 | https://github.com/anthropics/claude-code/issues/64112

## 34. Capability evidence risk - Capability evidence risk requires verification

- Severity: low
- Evidence strength: source_linked
- Finding: Developers should check this capability risk before relying on the project: [Bug] Anthropic API Error: Server Rate Limiting on Recurring Requests
- User impact: Developers may hit a documented source-backed failure mode: [Bug] Anthropic API Error: Server Rate Limiting on Recurring Requests
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: [Bug] Anthropic API Error: Server Rate Limiting on Recurring Requests. Context: Observed when using macos
- Guardrail: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_issue | fmev_74b4a063bf7b78b902bf847b1e15998c | https://github.com/anthropics/claude-code/issues/64101

## 35. Capability evidence risk - Capability evidence risk requires verification

- Severity: low
- Evidence strength: source_linked
- Finding: Developers should check this conceptual risk before relying on the project: Cancelling a parallel tool-call batch corrupts thinking blocks -> 400 "thinking blocks cannot be modified" permanently wedges the session
- User impact: Developers may hit a documented source-backed failure mode: Cancelling a parallel tool-call batch corrupts thinking blocks -> 400 "thinking blocks cannot be modified" permanently wedges the session
- Suggested check: Reproduce the official install and quickstart path in an isolated environment.
- Guardrail: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_issue | fmev_c47900c3ee637585906fc588a2c5cca4 | https://github.com/anthropics/claude-code/issues/63192

## 36. Capability evidence risk - Capability evidence risk requires verification

- Severity: low
- Evidence strength: source_linked
- Finding: Developers should check this conceptual risk before relying on the project: Opus (CLI) took down a node's DNS by deploying a k8s LoadBalancer on :53, after dismissing on-screen evidence the port was the host resolver
- User impact: Developers may hit a documented source-backed failure mode: Opus (CLI) took down a node's DNS by deploying a k8s LoadBalancer on :53, after dismissing on-screen evidence the port was the host resolver
- Suggested check: Reproduce the official install and quickstart path in an isolated environment.
- Guardrail: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_issue | fmev_412c2e9812e680366a198d368bc09d58 | https://github.com/anthropics/claude-code/issues/64110

## 37. Capability evidence risk - Capability evidence risk requires verification

- Severity: low
- Evidence strength: source_linked
- Finding: Developers should check this conceptual risk before relying on the project: Tool calls leak as raw text ('call' + args) instead of executing — frequent on Opus 4.8
- User impact: Developers may hit a documented source-backed failure mode: Tool calls leak as raw text ('call' + args) instead of executing — frequent on Opus 4.8
- Suggested check: Reproduce the official install and quickstart path in an isolated environment.
- Guardrail: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_issue | fmev_fae94d46beb702ecb9e71f49ebeb7268 | https://github.com/anthropics/claude-code/issues/64106

## 38. Maintenance risk - Maintenance risk requires verification

- Severity: low
- Evidence strength: source_linked
- Finding: issue_or_pr_quality=unknown。
- User impact: May increase setup, validation, or first-run risk for the user.
- Suggested check: Reproduce the official install and quickstart path in an isolated environment.
- Evidence: evidence.maintainer_signals | github_repo:937253475 | https://github.com/anthropics/claude-code

## 39. Maintenance risk - Maintenance risk requires verification

- Severity: low
- Evidence strength: source_linked
- Finding: release_recency=unknown。
- User impact: May increase setup, validation, or first-run risk for the user.
- Suggested check: Reproduce the official install and quickstart path in an isolated environment.
- Evidence: evidence.maintainer_signals | github_repo:937253475 | https://github.com/anthropics/claude-code